A "work anywhere" Policy to reduce Security Risks

Long gone are the days where entire workforces would need to be in the same office just to work together. Organisations can now collaborate no matter where they are based – and we’re not just talking about having a network of offices all over the world either.

With the rise of high-speed Internet as well as mobile devices and software, businesses based in Bangalore can hire developers in Barcelona and it means that designers based in Paris, France, can easily work with their colleagues in Paris, Texas (USA).

For employees this "work-anywhere" world of business not only means that they can get work from international clients but it also gives them more freedom, which is helpful for people who work best when they are away from the busy environment of an office. Moreover, some employees cannot afford to live in cities such as New York and London, and so the ability to work anywhere means that they can keep living costs down and your business won’t miss out on talent.

These benefits have already caused major companies from all over the globe to adopt work anywhere security policies for their workforces. From water filter company Soma, which hosts "work anywhere weeks" to open-source content management platform WordPress and from GitHub to Basecamp, organisations everywhere are doing it.

However, for all of those organisations adopting the work from anywhere policy, these benefits do come with one trade-off: security risks. So, as your organisation also considers allowing employees to work anywhere (or perhaps you already allow it), it’s more important than ever that you take action to keep your business safe.

Work anywhere needs an Information Security policy

The security risks of the work anywhere world really just boil down to data and keeping it safe. While the safety of data is always an important topic for organisations even when employees all work under one roof (and never take work home with them), the challenges of the work anywhere world are slightly different.

For example, in order to work anywhere, many organizations rely on third-party applications, specifically those that upload data to the cloud. This is obviously useful for when employees need to quickly share a document or a piece of information but what would you do if the servers behind that cloud-based app got hacked and your data fell into the hands of a criminal?

Additionally, if your employees store data on their smartphones, laptops or other Internet of Things devices then there is the added risk of that data being stolen. Moreover, employees may also be susceptible to phishing (either via email or via social phishing), with an IOCTA report noting that organisations now face “significant losses” as a result of phishing practices.

4 tips from LastPass to keep your business safe

A new report recently published by LastPass addresses the security challenges of the work anywhere world, also noting that 25% of the businesses it surveyed said that they’d suffered a breach as a result of a “compromised” cloud account and 8 out of 10 small and medium-sized businesses (SMBs) are worried about an account breach. As such, the company has outlined several methods you can employ to keep your business safe:

Strong Password Management: LastPass explains that “the first line of defense in security largely starts with employees using strong passwords.” Understandably, employees who are busy and use a lot of accounts to complete their work may re-use the same passwords, but LastPass warns against this. The organisation recommends using a password manager to protect passwords, using two-factor authentication for “double protection,” and deleting browser cache/cookies on a regular basis.

Password Sharing: Also on the subject of passwords, LastPass says that employees that need to share passwords (e.g for shared company accounts) need to do so “responsibly.” This means sharing via a password manager, making sure each password is strong, updating passwords whenever an employee with knowledge of the password leaves the company and having a strict password sharing policy in place.

On-boarding and Off-boarding: Speaking of access, LastPass recommends that organisations give employees a “central portal” for their apps and passwords as well as a “centralized team access management system” to assign passwords and credentials and that when an employee leaves, their access needs to be shut off immediately. In addition to promoting better security, these on-board/off-boarding tips should also free up time for your IT departments, adds LastPass.

Prioritize Access Control: LastPass says that access control should be a “serious priority”. To do this, organisations should keep track of which apps its employees are using, to check the security of new apps your organisation uses and “assign specific access privileges to employees and anyone else on your network based on their organizational role.”

If you understand the importance of this topic and you are looking for security experts to help you writing your information security policy for work anywhere employees, do no hesitate to contact us.